Wireguard inside docker #20

Closed
Osrx opened this issue Apr 18, 2022 · 11 comments
Labels
enhancement New feature or request

Comments

@Osrx

Osrx commented Apr 18, 2022

Hello.

Is there any chance or possibility to run wg in a container, like this:
docker exec -it wireguard /usr/bin/wg show all dump

Or maybe you have another solution?

@Grizzelbee
Owner

Grizzelbee commented Apr 18, 2022

Hi @Osrx

currently I'm not using docker for things like this - so I really have no experience with that. But I basically like this idea. So - why not?

But there are some things to clarify first:

The adapter is currently working on a CLI of the host running WireGuard.
It executes a command (currently wg show all dump without any path) and parses the result from the command line. It will only work if every command needed is in the search path and no additional password entry is forced (ensured by using root, UID-bit or sudoers rule).

  • Is this docker command sufficient to produce exactly the same result as the fully local command?
  • Will the /usr/bin path be exactly the same in all docker environments (distros)?
  • What about the sudoers line (security in general)? Will it stay the same or is another one needed?
  • Will a sudo be needed prior to the command? At least sometimes? In other words: has the configured user ALL the needed privileges?

@Grizzelbee Grizzelbee added the enhancement New feature or request label Apr 18, 2022
@Osrx
Author

Osrx commented Apr 20, 2022

I think I've found a workaround but it does not work.
Let me explain.

To start wg command inside docker container I should execute this command:
docker exec -it wireguard /usr/bin/wg show all dump
Where "wireguard" is my container with wireguard daemon running.

I tried to make a shell alias for the user that iobroker should use to run this adapter:
alias wg='docker exec -it wireguard /usr/bin/wg'
I've also added this alias to the .bashrc file. If I connect via ssh to the docker host and run the command, it works flawlessly.
My ssh user "wg-check" must be a member of the "docker" group to be allowed to execute docker commands without superuser permissions.

Mac-home-2:~ osirix$ ssh -2 [email protected]
[email protected]'s password:
Linux CloudHost 4.9.0-15-amd64 #1 SMP Debian 4.9.258-1 (2021-03-08) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed Apr 20 22:31:18 2022 from x.x.x.x
wg-check@CloudHost:~$ wg show all dump
wg0	FjwR27xD5Q1vjNdfFiR7LSr01T5SshxFU5+l0NVVlGs=	FjwR27xD5Q1vjNdfFiR7LSr01T5SshxFU5+l0NVVlGs=	32772	off
wg0	FjwR27xD5Q1vjNdfFiR7LSr01T5SshxFU5+l0NVVlGs=	(none)	x.x.x.x:6279	x.x.x.x/32,x.x.x.x/24	1650483303	1846060300	515509908	off
wg0	FjwR27xD5Q1vjNdfFiR7LSr01T5SshxFU5+l0NVVlGs=	(none)	x.x.x.x:27081	x.x.x.x/32,x.x.x.x/24	1631651362	18472148	6042920	off
wg0	FjwR27xD5Q1vjNdfFiR7LSr01T5SshxFU5+l0NVVlGs=	(none)	x.x.x.x:53997	x.x.x.x/32	1650483214	35307216	129599348	off
wg0	FjwR27xD5Q1vjNdfFiR7LSr01T5SshxFU5+l0NVVlGs=	(none)	x.x.x.x:51370	x.x.x.x/32,x.x.x.x/24	1646123566	193981084	112532172	off
wg0	FjwR27xD5Q1vjNdfFiR7LSr01T5SshxFU5+l0NVVlGs=	(none)	x.x.x.x:47301	x.x.x.x/32	1650281294	1578525164	21811437232	off
wg0	FjwR27xD5Q1vjNdfFiR7LSr01T5SshxFU5+l0NVVlGs=	(none)	x.x.x.x:51013	x.x.x.x/32	1650042095	61301548	721674240	off
failed to resize tty, using default size
                                        wg-check@CloudHost:~$

But if I try to connect with the command entered inline with the ssh client connect string, I receive an error:

Mac-home-2:~ osirix$ ssh -2 [email protected] wg show all dump
[email protected]'s password:
bash: wg: command not found
Mac-home-2:~ osirix$

And the adapter is not working. In the debug log there are these strings:

wireguard.0 | 2022-04-20 22:50:24.798 | debug | Host: Test has 0 wireguard interface(s).
-- | -- | -- | --
wireguard.0 | 2022-04-20 22:50:24.796 | debug | Workdata: [[""]]
wireguard.0 | 2022-04-20 22:50:24.795 | debug | RawData has 1 lines
wireguard.0 | 2022-04-20 22:50:24.778 | debug | received rawdata:
wireguard.0 | 2022-04-20 22:50:24.775 | debug | Stream :: close
wireguard.0 | 2022-04-20 22:50:24.564 | debug | Executing command: [wg show all dump]
wireguard.0 | 2022-04-20 22:50:24.562 | debug | ssh client :: authenticated
wireguard.0 | 2022-04-20 22:50:24.071 | info | Connecting to host [Test] on address [test.duckdns.org]
wireguard.0 | 2022-04-20 22:48:24.070 | info | Started 120 seconds monitoring interval for host [Test]
wireguard.0 | 2022-04-20 22:48:24.068 | debug | {"name":"Test","hostaddress":"test.duckdns.org","user":"EQHS]\u0006\u0006\b","password":"xxx","sudo":false,"pollInterval":"120"}
wireguard.0 | 2022-04-20 22:48:24.067 | info | There is 1 wireguard host to monitor.
wireguard.0 | 2022-04-20 22:48:24.020 | info | starting. Version 1.1.3 in /opt/iobroker/node_modules/iobroker.wireguard, node: v14.19.1, js-controller: 4.0.21
wireguard.0 | 2022-04-20 22:48:23.644 | debug | Plugin sentry Initialize Plugin (enabled=true)
wireguard.0 | 2022-04-20 22:48:23.598 | debug | States connected to redis: 127.0.0.1:9000
wireguard.0 | 2022-04-20 22:48:23.581 | debug | States create User PubSub Client
wireguard.0 | 2022-04-20 22:48:23.580 | debug | States create System PubSub Client
wireguard.0 | 2022-04-20 22:48:23.566 | debug | Redis States: Use Redis connection: 127.0.0.1:9000
wireguard.0 | 2022-04-20 22:48:23.538 | debug | Objects connected to redis: 127.0.0.1:9001
wireguard.0 | 2022-04-20 22:48:23.518 | debug | Objects client initialize lua scripts
wireguard.0 | 2022-04-20 22:48:23.484 | debug | Objects create User PubSub Client
wireguard.0 | 2022-04-20 22:48:23.480 | debug | Objects create System PubSub Client
wireguard.0 | 2022-04-20 22:48:23.463 | debug | Objects client ready ... initialize now
wireguard.0 | 2022-04-20 22:48:23.409 | debug | Redis Objects: Use Redis connection: 127.0.0.1:9001

Do you have any ideas about what is happening?

I think a possible workaround may be to make it possible for users to enter their own "wg" command to achieve the result.
So the default command may be:
wg show all dump
but in my case it will be
docker exec -it wireguard /usr/bin/wg show all dump

Thanks for your job! =)

@Grizzelbee
Owner

Grizzelbee commented Apr 21, 2022

I see the issues - but we need to solve them from the adapter-support perspective. I can't provide a config option to enter an individual command. This will end up in endless support due to completely wrong or simply misspelled commandlines. And in addition there is not enough space in the admin interface because you can configure as many hosts as you like in the adapter and every single host may need another commandline. So - currently this is no option to me.

My current idea is: providing a "Docker"-Checkbox next to the "sudo"-checkbox and code an underlying command which will be executed when it's checked.
E.g:

  • No checkbox checked: wg show all dump will be executed (for root-like users)
  • Sudo checkbox is checked: sudo wg show all dump will be executed (works with proper sudoers line)
  • Docker checkbox is checked: docker exec -it wireguard /usr/bin/wg show all dump will be executed
  • Sudo and Docker checkbox are checked: sudo docker exec -it wireguard /usr/bin/wg show all dump will be executed

But: we might have two separate security levels in this scenario. The security level of docker and the security level of wg. Since wg is a very powerful command that usually needs root-like permissions. I don't know how docker handles this. I'm not familiar enough with docker to have a real overview. But in the end there is the rule: whatever command gets executed - the adapter doesn't support confirming it with a password.

That's why some questions arise. But since your wireguard container seems to be the/an official one from docker.hub I consider to implement it the way I described and just give it a try. I assume that I need to implement a "Fritzbox"-option in the future as well. ;)

Grizzelbee added a commit that referenced this issue Apr 21, 2022
fixed #20 : Add support for WireGuard inside a docker container
Grizzelbee added a commit that referenced this issue Apr 21, 2022
Grizzelbee added a commit that referenced this issue Apr 21, 2022
@Osrx
Author

Osrx commented Apr 21, 2022

Keep in mind that in this command:
sudo docker exec -it wireguard /usr/bin/wg show all dump
In this command 'wireguard' string is a name of container that can vary between installations. It's not a problem for me to rename it to whatever, but it depends...

Some words about security. I see some options to execute this command without entering the sudo password.

  1. Add adapter check user wg-check, in my case, to group docker. This makes it possible for this user to get root permissions in all docker containers. Bad idea...
  2. Add string wg-check ALL = NOPASSWD: ALL to /etc/sudoers via visudo. Your string wg-check ALL=NOPASSWD:/usr/bin/wg show all dump does not work for me because it returns an error about bad syntax due to an unacceptable exact command and also parameters /usr/bin/wg show all dump inside the string with the NOPASSWD tag, except ALL.
    root@CloudHost:/etc# sudo -V
    Sudo version 1.8.19p1
    Sudoers policy plugin version 1.8.19p1
    Sudoers file grammar version 45
    Not investigated this enough. Very bad idea... =(

And the final sad result: after updating the adapter to 1.2.0 nothing changed:

wireguard.0 | 2022-04-22 00:04:18.661 | error | No info returned from wg executable. Maybe your WireGuard server is down or monitoring user is missing permissions!
-- | -- | -- | --
wireguard.0 | 2022-04-22 00:04:18.660 | debug | Host: Cloud has 0 wireguard interface(s).
wireguard.0 | 2022-04-22 00:04:18.659 | debug | Workdata: [[""]]
wireguard.0 | 2022-04-22 00:04:18.658 | debug | RawData has 1 lines
wireguard.0 | 2022-04-22 00:04:18.646 | debug | received rawdata:
wireguard.0 | 2022-04-22 00:04:18.644 | debug | Stream :: close
wireguard.0 | 2022-04-22 00:04:18.295 | debug | Executing command: [docker exec -it wireguard /usr/bin/wg show all dump]
wireguard.0 | 2022-04-22 00:04:18.294 | debug | ssh client :: authenticated
wireguard.0 | 2022-04-22 00:04:17.767 | info | Retrieving WireGuard status from host [Cloud] on address [test.duckdns.org]
wireguard.0 | 2022-04-22 00:03:17.764 | info | Started 60 seconds monitoring interval for host [Cloud]
wireguard.0 | 2022-04-22 00:03:17.762 | debug | {"name":"Cloud","hostaddress":"test.duckdns.org","user":"xxx","password":"xxx","sudo":false,"docker":true,"pollInterval":"60"}
wireguard.0 | 2022-04-22 00:03:17.761 | info | There is 1 wireguard host to monitor.
wireguard.0 | 2022-04-22 00:03:17.715 | info | starting. Version 1.2.0 (non-npm: Grizzelbee/ioBroker.wireguard#a07b3ab467bce3b4d5cfcdcb2e7b432f18fd3c5f) in /opt/iobroker/node_modules/iobroker.wireguard, node: v14.19.1, js-controller: 4.0.21
wireguard.0 | 2022-04-22 00:03:17.359 | debug | Plugin sentry Initialize Plugin (enabled=true)

adapter still can't get result...

@Grizzelbee Grizzelbee reopened this Apr 22, 2022
@Grizzelbee
Owner

Grizzelbee commented Apr 22, 2022

> In this command 'wireguard' string is a name of container that can vary between installations.

I'm aware of this and accepted that some users might need to rename their container if they like to use this adapter. But since it should be a very common name for a WireGuard container, it shouldn't be many. Let's see how many users complain about this. ;-)

> Add adapter check user wg-check, in my case, to group docker. This makes it possible for this user to get root permissions in all docker containers. Bad idea...

That's exactly what I wrote under my security point 1. ;-)

> Add string wg-check ALL = NOPASSWD: ALL to /etc/sudoers via visudo. [...]

I'm aware that this line won't work out for docker users. It doesn't even work out for each and every standard installation user. It may be needed to modify it to fit the own environment. There are too many variations in paths and so on to support them all in a software or a readme and keep it handy and simple for the majority of users. I assume that users with advanced environments will have advanced skills as well to adapt their environment to fit the needs of the adapter. At least spending half an hour to read some sudoers documentation - because I think this will be the solution for most users: Creating their own sudoers line that fits for them.

But ... the whole workchain of the adapter is pretty simple:

  1. Login to the remote host via ssh (open a non-interactive shell - but you can test it with an interactive shell too)
  2. drop the preconfigured command (without the need of entering a password - that's where sudoers comes into place; if you're not prompted for a password during an interactive shell session it should work)
  3. read the result of the command
  4. close the shell
  5. process the received data

I think a sudoers line for docker users may look like:
<wg-monitoring-user> ALL=NOPASSWD:/path/to/docker/docker exec -it wireguard /usr/bin/wg show all dump

The great benefit of puzzling out and using a sudoers line is that only this single command with exactly these parameters in exactly this order will be executed without being prompted for a password. Every variation will require a password. So in your case the first command executed is docker and the rest are parameters to it. That's why you need a docker line and the wg line doesn't work for you. Let's figure it out and document it in the readme for other users.

Uhhhmmmm: To make it fully clear: using docker with a sudoers line requires you to check the sudo AND the docker checkboxes.

Reminder from readme (some hints to sudoers):

wireguard-monitoring-user ALL=NOPASSWD:/usr/bin/wg show all dump

This setting allows the wireguard-monitoring-user on ALL hosts to execute the wg show all dump command from the directory /usr/bin/ (may need to be changed on your distribution) without needing a password (NOPASSWD).

So this line <wg-monitoring-user> ALL=NOPASSWD:/path/to/docker/docker exec -it wireguard /usr/bin/wg show all dump reads like:
Allow "wg-monitoring-user" on ALL hosts to execute the command docker exec -it wireguard /usr/bin/wg show all dump with docker in the path (/path/to/docker/) to be executed without being prompted for a password (NOPASSWD).
This requires that the name of the container is "wireguard" and the wg-executable is in /usr/bin inside the container.

@Osrx
Author

Osrx commented Apr 22, 2022

In my distribution it is unacceptable to enter any execution command with or without parameters.
Only ALL is acceptable if I use the NOPASSWD flag. This is not a docker problem.
Exactly the same situation is explained here

Ok, by the way this is not the main problem. Enter string wg-check ALL = NOPASSWD: ALL via visudo and all is run correctly via ssh session from user wg-check. But the error is the same:

wireguard.0 | 2022-04-22 20:27:48.651 | error | No info returned from wg executable. Maybe your WireGuard server is down or monitoring user is missing permissions!
-- | -- | -- | --
wireguard.0 | 2022-04-22 20:27:48.651 | debug | Host: Os-Cloud has 0 wireguard interface(s).
wireguard.0 | 2022-04-22 20:27:48.651 | debug | Workdata: [[""]]
wireguard.0 | 2022-04-22 20:27:48.650 | debug | RawData has 1 lines
wireguard.0 | 2022-04-22 20:27:48.648 | debug | received rawdata:
wireguard.0 | 2022-04-22 20:27:48.647 | debug | Stream :: close

Also I have tried another method.
I've created an sh script: /usr/bin/wg
with content:

#!/bin/sh
#
docker exec -it wireguard /usr/bin/wg show all dump

Give it the suid and execution bits.

Try ssh:

Mac-home-2:~ osirix$ ssh -2 [email protected]
[email protected]'s password:
Linux CloudHost 4.9.0-15-amd64 #1 SMP Debian 4.9.258-1 (2021-03-08) x86_64
wg-check@CloudHost:~$ wg show all dump
wg0	XXX=	XXX=	32772	off
wg0	XXX=	(none)	172.19.0.1:48689	10.100.5.2/32,10.100.1.0/24	1650648973	11394336	3772068	off
wg0	XXX=	(none)	(none)	10.100.5.3/32,10.100.2.0/24	0	0	0	off
failed to resize tty, using default size
                                        wg-check@CloudHost:~$

All fine, but log from adapter is the same:

wireguard.0 | 2022-04-22 20:34:26.424 | debug | Host: Os-Cloud has 0 wireguard interface(s).
-- | -- | -- | --
wireguard.0 | 2022-04-22 20:34:26.422 | debug | Workdata: [[""]]
wireguard.0 | 2022-04-22 20:34:26.421 | debug | RawData has 1 lines
wireguard.0 | 2022-04-22 20:34:26.400 | debug | received rawdata:
wireguard.0 | 2022-04-22 20:34:26.396 | debug | Stream :: close
wireguard.0 | 2022-04-22 20:34:26.087 | debug | Executing command: [wg show all dump]
wireguard.0 | 2022-04-22 20:34:26.086 | debug | ssh client :: authenticated
wireguard.0 | 2022-04-22 20:34:25.557 | info | Retrieving WireGuard status from host [Os-Cloud] on address [test.duckdns.org]
wireguard.0 | 2022-04-22 20:34:15.554 | info | Started 10 seconds monitoring interval for host [Os-Cloud]
wireguard.0 | 2022-04-22 20:34:15.553 | debug | {"name":"Os-Cloud","hostaddress":"test.duckdns.org","user":"EQHS]\u0006\u0006\b","password":"xxx","sudo":false,"docker":false,"pollInterval":"10"}
wireguard.0 | 2022-04-22 20:34:15.552 | info | There is 1 wireguard host to monitor.

So I have no idea where the issue is... =(
Can you return full string returned from ssh client after wg command entered?

@Grizzelbee
Owner

Okay. Let's bring it into an order. So first things first:

> In my distribution it is unacceptable to enter any execution command with or without parameters.
> Linux CloudHost 4.9.0-15-amd64 #1 SMP Debian 4.9.258-1 (2021-03-08) x86_64

From your logs I can see you are on a Debian Linux - me too. Therefore I know the distribution is able to accept such a sudoers line that I proposed. But anyways...

To locate the real issue please:

  1. Remove all sudoers lines you may have inserted and all shell scripts, aliases, and so on. Means: do a full cleanup of what may have been messed up. Let's start from scratch and go step by step!
  2. Use user root in the adapter - check docker and uncheck sudo. As a result only the docker exec -it wireguard /usr/bin/wg show all dump command should get executed with root permissions and I expect that to work since root has all the privileges needed and shouldn't be prompted for a password under any circumstances (at least for this scenario).
  3. If that works: try to login manually to your server using the wg-check user. Once you reached the commandline execute docker exec -it wireguard /usr/bin/wg show all dump. If you are prompted for a password the adapter will fail. If not - it should work. If you did the cleanup correctly I expect this test to fail. Means: You'd be prompted for a password.
  4. If point 3 fails as expected: as root create a new file named wg-check in /etc/sudoers.d/ with the following content:
     # file to allow user wg-check retrieving the wireguard status without being prompted for a password
     # needed for iobroker adapter iobroker.wireguard
     wg-check ALL=NOPASSWD:/usr/bin/docker exec -it wireguard /usr/bin/wg show all dump
  5. Repeat test 3 and I expect it to work.

I expect every config that doesn't prompt for a password to work in the adapter.

Please tell me the results of all these tests here!

> Can you return full string returned from ssh client after wg command entered?

I already do:

wireguard.0 | 2022-04-22 20:34:26.421 | debug | RawData has 1 lines
wireguard.0 | 2022-04-22 20:34:26.400 | debug | received rawdata:

@Osrx
Author

Osrx commented Apr 23, 2022

Step 2 fails.
Run under root. Log is the same:

wireguard.0 | 2022-04-23 22:20:51.650 | error | No info returned from wg executable. Maybe your WireGuard server is down or monitoring user is missing permissions!
-- | -- | -- | --
wireguard.0 | 2022-04-23 22:20:51.649 | debug | Host: Os-Cloud has 0 wireguard interface(s).
wireguard.0 | 2022-04-23 22:20:51.647 | debug | Workdata: [[""]]
wireguard.0 | 2022-04-23 22:20:51.647 | debug | RawData has 1 lines
wireguard.0 | 2022-04-23 22:20:51.636 | debug | received rawdata:
wireguard.0 | 2022-04-23 22:20:51.634 | debug | Stream :: close
wireguard.0 | 2022-04-23 22:20:50.909 | debug | Executing command: [docker exec -it wireguard /usr/bin/wg show all dump]
wireguard.0 | 2022-04-23 22:20:50.909 | debug | ssh client :: authenticated
wireguard.0 | 2022-04-23 22:20:50.385 | info | Retrieving WireGuard status from host [Os-Cloud] on address [test.duckdns.org]
wireguard.0 | 2022-04-23 22:20:40.382 | info | Started 10 seconds monitoring interval for host [Os-Cloud]
wireguard.0 | 2022-04-23 22:20:40.380 | debug | {"name":"Os-Cloud","hostaddress":"test.duckdns.org","user":"@Y\nD","password":"xxx","sudo":false,"docker":true,"pollInterval":"10"}
wireguard.0 | 2022-04-23 22:20:40.379 | info | There is 1 wireguard host to monitor.
wireguard.0 | 2022-04-23 22:20:40.333 | info | starting. Version 1.2.0 (non-npm: Grizzelbee/ioBroker.wireguard#a07b3ab467bce3b4d5cfcdcb2e7b432f18fd3c5f) in /opt/iobroker/node_modules/iobroker.wireguard, node: v14.19.1, js-controller: 4.0.21
wireguard.0 | 2022-04-23 22:20:39.942 | debug | Plugin sentry Initialize Plugin (enabled=true)

I've made the changes in sudoers as you wrote and the result is as before.

root@CloudHost:/etc# cat ./sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults	env_reset
Defaults	mail_badpass
Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root	ALL=(ALL:ALL) ALL

# Allow members of group sudo to execute any command
%sudo	ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

#wg-check   ALL = NOPASSWD: ALL
#wgcheck ALL=NOPASSWD:docker exec -it wireguard /usr/bin/wg show all dump

root@CloudHost:/etc#

root@CloudHost:/etc# cat /etc/sudoers.d/wg-check
# file to allow user wg-check retrieving the wireguard status without being promped for a password
# needed for iobroker adapter iobroker.wireguard
wg-check ALL=NOPASSWD:/usr/bin/docker exec -it wireguard /usr/bin/wg show all dump

root@CloudHost:/etc#

The ssh session is now fine. You are right about sudoers, somewhere there is my mistake:

Mac-home:~ osirix$ ssh -2 [email protected]
[email protected]'s password:
wg-check@CloudHost:~$ sudo docker exec -it wireguard /usr/bin/wg show all dump
wg0	FjwR27xD5Q1vjNdfFiR7LSr01T5SshxFU5+l0NVVlGs=	FjwR27xD5Q1vjNdfFiR7LSr01T5SshxFU5+l0NVVlGs=	32772	off
wg0	FjwR27xD5Q1vjNdfFiR7LSr01T5SshxFU5+l0NVVlGs=	(none)	172.19.0.1:56852	10.100.5.2/32,10.100.1.0/24	1650744317	92210280	31171740	off
wg0	FjwR27xD5Q1vjNdfFiR7LSr01T5SshxFU5+l0NVVlGs=	(none)	(none)	10.100.5.3/32,10.100.2.0/24	0	0	0	off
wg-check@CloudHost:~$

but:

wireguard.0 | 2022-04-23 23:09:35.791 | error | No info returned from wg executable. Maybe your WireGuard server is down or monitoring user is missing permissions!
-- | -- | -- | --
wireguard.0 | 2022-04-23 23:09:35.789 | debug | Host: Os-Cloud has 0 wireguard interface(s).
wireguard.0 | 2022-04-23 23:09:35.787 | debug | Workdata: [[""]]
wireguard.0 | 2022-04-23 23:09:35.786 | debug | RawData has 1 lines
wireguard.0 | 2022-04-23 23:09:35.766 | debug | received rawdata:
wireguard.0 | 2022-04-23 23:09:35.763 | debug | Stream :: close
wireguard.0 | 2022-04-23 23:09:35.490 | debug | Executing command: [sudo docker exec -it wireguard /usr/bin/wg show all dump]
wireguard.0 | 2022-04-23 23:09:35.489 | debug | ssh client :: authenticated
wireguard.0 | 2022-04-23 23:09:35.095 | info | Retrieving WireGuard status from host [Os-Cloud] on address [os-cloud.duckdns.org]
wireguard.0 | 2022-04-23 23:09:25.092 | info | Started 10 seconds monitoring interval for host [Os-Cloud]
wireguard.0 | 2022-04-23 23:09:25.091 | debug | {"name":"Os-Cloud","hostaddress":"test.duckdns.org","user":"EQHS]\u0006\u0006\b","password":"xg]^\u0000%\u0010\\\u000bxP%E=am\u0000","sudo":true,"docker":true,"pollInterval":"10"}
wireguard.0 | 2022-04-23 23:09:25.090 | info | There is 1 wireguard host to monitor.

Try to execute ssh command directly via ssh connect string:

Mac-home:~ osirix$ ssh -2 [email protected] sudo /usr/bin/docker exec -it wireguard /usr/bin/wg show all dump
[email protected]'s password:
the input device is not a TTY
Mac-home:~ osirix$

This issue may be in method which docker returns output... =(

@Grizzelbee
Owner

> This issue may be in method which docker returns output... =(

Yepp. That's the issue since docker doesn't use STDOUT for its output. Therefore I made a change in V1.2.1 to use a pseudoTTY. That should work. Please give v1.2.1 a try - it may fix the issue with not getting any response from the docker container. After installing that fix I expect to get data in the line:

wireguard.0 | 2022-04-23 23:09:35.766 | debug | received rawdata:

And if getting any data there the adapter gets some data to work with.
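
Added example (not part of this thread and not the adapter's own code): a parser for the `wg show all dump` output that copes with what a pseudo-TTY adds (CRLF line endings, the "failed to resize tty" line), reports the empty or error-only case seen in the logs above, and redacts key material before anything is logged. It assumes the field order documented in wg(8) with the interface name prepended by `show all`; the function names and placeholder keys are constructed for illustration.

```javascript
// Field layout of `wg show all dump` (tab separated, per wg(8)).
const IFACE_FIELDS = ['interface', 'privateKey', 'publicKey', 'listenPort', 'fwmark'];
const PEER_FIELDS = ['interface', 'publicKey', 'presharedKey', 'endpoint', 'allowedIps',
  'latestHandshake', 'transferRx', 'transferTx', 'persistentKeepalive'];

// Messages quoted in the thread that are not WireGuard data.
const NOISE = [/^failed to resize tty/i, /input device is not a TTY/i, /command not found/i];

function toRecord(names, values) {
  const rec = {};
  names.forEach((name, i) => { rec[name] = values[i]; });
  return rec;
}

// Secrets are replaced before the record leaves the parser.
function redact(value) {
  return value === '(none)' ? '(none)' : '(redacted)';
}

function parseWgDump(raw) {
  const result = { ok: false, interfaces: {}, noise: [], malformed: [] };
  // A pseudo-TTY turns "\n" into "\r\n"; drop stray CRs and blank lines.
  const lines = String(raw).split(/\r?\n/)
    .map(line => line.replace(/\r/g, ''))
    .filter(line => line.trim() !== '');
  for (const line of lines) {
    if (NOISE.some(re => re.test(line))) { result.noise.push(line.trim()); continue; }
    const cols = line.split('\t');
    if (cols.length === IFACE_FIELDS.length) {
      const rec = toRecord(IFACE_FIELDS, cols);
      rec.privateKey = redact(rec.privateKey); // interface line carries the private key
      rec.listenPort = Number(rec.listenPort);
      rec.peers = [];
      result.interfaces[rec.interface] = rec;
    } else if (cols.length === PEER_FIELDS.length && result.interfaces[cols[0]]) {
      const rec = toRecord(PEER_FIELDS, cols);
      rec.presharedKey = redact(rec.presharedKey);
      rec.allowedIps = rec.allowedIps === '(none)' ? [] : rec.allowedIps.split(',');
      for (const key of ['latestHandshake', 'transferRx', 'transferTx']) {
        rec[key] = Number(rec[key]);
      }
      result.interfaces[rec.interface].peers.push(rec);
    } else {
      result.malformed.push(line); // e.g. a shell prompt echoed by the TTY
    }
  }
  result.ok = Object.keys(result.interfaces).length > 0;
  return result;
}

// One-line summary that is safe to write to a debug log.
function summarize(parsed) {
  if (!parsed.ok) return `no interfaces parsed; noise=${JSON.stringify(parsed.noise)}`;
  return Object.values(parsed.interfaces)
    .map(i => `${i.interface}: ${i.peers.length} peer(s), port ${i.listenPort}`)
    .join('; ');
}

// Constructed sample: placeholder keys, CRLF line endings as a pseudo-TTY produces.
const SAMPLE_TTY = [
  'wg0\tPRIVKEY_PLACEHOLDER=\tPUBKEY_SERVER=\t32772\toff',
  'wg0\tPUBKEY_PEER1=\t(none)\t172.19.0.1:56852\t10.100.5.2/32,10.100.1.0/24\t1650744317\t92210280\t31171740\toff',
  'wg0\tPUBKEY_PEER2=\t(none)\t(none)\t10.100.5.3/32,10.100.2.0/24\t0\t0\t0\toff',
  'failed to resize tty, using default size',
].join('\r\n') + '\r\n';

console.log(summarize(parseWgDump(SAMPLE_TTY)));
console.log(summarize(parseWgDump('the input device is not a TTY\n')));
```

Logging `summarize()` instead of the raw stream keeps the private key from the interface line out of debug logs that get pasted into issue trackers.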

Grizzelbee added a commit that referenced this issue Apr 24, 2022
fixes #20 - tty issue in docker option
@Grizzelbee
Owner

@Osrx Please confirm whether the v1.2.1 solved the issue or not to let me know whether I can push it into stable.

@Osrx
Author

Osrx commented Apr 26, 2022 via email
